CaptivePortal with freeradius + mysql: Max-Daily-Session
-
Hello everyone, i have a question for you, i hope someone can help me out because i really can't get this :)
i have enabled captive portal on my pfsense "wifi" interface (i named it like that) and configured the captive portal to use freeradius, i've installed the freeradius2 package on pfsense and it really works fine, i can also connect it to an external MySQL, it can read users, bandwidth limit per user works and i'm really happy about that.
the only problem that i'm facing now is that i would like to give a limited amount of time to users per day.
i noticed that there is this parameter i can add into the radcheck table: Max-Daily-Session := <time in="" seconds="">which should do the trick.
the problem is that the user doesn't get disconnected by the captive portal once the timelimit has expired.
If i log out and try to login again i receive the message i can't login because of timelimit exceeded, but the captive portal won't force me out.i tried the same feature with local user database and in that case everything seems to work fine, do you know if i need to enable something in particular in the freeradius configuration for this to work with mysql?
i also add another quick question (if this can be done) without opening another thread.
i'd like to have a popup showing me the remaining time when i login to the captive portal, i've seen a popup for disconnecting the user is available, do you know if it can be tweaked to add that information?thanks a lot :)</time>
-
Do you have "re-authenticate every minute" enabled on CP ?
A user can only be rejected if he tries to authenticate. So if a user authenticates with a time limit remaining of 10min and then is browsing the web for 20minutes the CP will not reject the user because there is no authentication reaquest the RADIUS server could answer.Popup:
Perhaps you can edit the .php file of CP to display your session-timeout attribute. But I am not sure. -
meh…
thanks for the help, i wasn't reauthenticating users every minute :)now it disconnects users accordingly.
-
Hello everyone, i have a question for you, i hope someone can help me out because i really can't get this :)
i have enabled captive portal on my pfsense "wifi" interface (i named it like that) and configured the captive portal to use freeradius, i've installed the freeradius2 package on pfsense and it really works fine, i can also connect it to an external MySQL, it can read users, bandwidth limit per user works and i'm really happy about that.
the only problem that i'm facing now is that i would like to give a limited amount of time to users per day.
i noticed that there is this parameter i can add into the radcheck table: Max-Daily-Session := <time in="" seconds="">which should do the trick.
the problem is that the user doesn't get disconnected by the captive portal once the timelimit has expired.
If i log out and try to login again i receive the message i can't login because of timelimit exceeded, but the captive portal won't force me out.i tried the same feature with local user database and in that case everything seems to work fine, do you know if i need to enable something in particular in the freeradius configuration for this to work with mysql?
i also add another quick question (if this can be done) without opening another thread.
i'd like to have a popup showing me the remaining time when i login to the captive portal, i've seen a popup for disconnecting the user is available, do you know if it can be tweaked to add that information?thanks a lot :)</time>
Hello Rampage
Could you explain, how you limit bandwidth per user and group in MySql database? I have tried a lot but it is not success. I used phpMyAdmin to edit MySql database. Here under is my config:
radreply
username–-------attribute-----------------------op----valuestudent1 WISPr-Bandwidth-Max-Down == 512
student1 WISPr-Bandwidth-Max-Up == 128
student2 WISPr-Bandwidth-Max-Down == 512
student2 WISPr-Bandwidth-Max-Up == 128radgroupreply
Group name–-----Attribute-----------------------op----ValueGroupA WISPr-Bandwidth-Max-Down == 512
GroupA WISPr-Bandwidth-Max-Up == 128Thank you
-
Are you sure, that the operator must be "==" and not better ":=" ?
-
Are you sure, that the operator must be "==" and not better ":=" ?
Ok, Nachtfalke
I try to change to (:=) and test it again.
I limited bandwidth to "radreply"and "radgroupreply" in MySql database and next, at Captive Portal I enabled option "Enable per-user bandwidth restriction". After that at Captive Portal login page I use my username "student1" from MySql database to login but I could not access to internet at all. But if I do not enable this option "Enable per-user bandwidth restriction" in Captive Portal I can surfing to internet. It look like MySql and Captive Portal and FreeRadius2 does not work together with bandwidth limit per user and group. Do you have some idea what I have done something wrong?
Thank you
![Enable per-user bandwidth restriction.png](/public/imported_attachments/1/Enable per-user bandwidth restriction.png)
![Enable per-user bandwidth restriction.png_thumb](/public/imported_attachments/1/Enable per-user bandwidth restriction.png_thumb) -
set 1000 as bandwidth limit. If the description is correct then it will be overwritten by RADIUS. Perhaps an emty value causes a problem.
Further I know it is working on pfsense 2.0.1 CP + freeradius2 + bandwidth-limit in users file. I do not see any reason why it should not work with MySQL.
You can run radiusd -X from console in debug mode.
This will show you the attributes which are sent to CP. -
set 1000 as bandwidth limit. If the description is correct then it will be overwritten by RADIUS. Perhaps an emty value causes a problem.
Further I know it is working on pfsense 2.0.1 CP + freeradius2 + bandwidth-limit in users file. I do not see any reason why it should not work with MySQL.
You can run radiusd -X from console in debug mode.
This will show you the attributes which are sent to CP.Hello Nachtfalke
I set 1000 bandwidth limit that you recommended and it is working. I think that there have some bugs between pfSense 2.1, Captive Portal, FreeRadius2 and MySql. Today I just updated pfSense 2.1 Beta0 and Captive Portal, FreeRadius2 and MySql as bandwidth limit does not work again. I think, I am going back to use pfSense 2.0.1 again. I will try to test Captive Portal, FreeRadius2 and MySql from there. To be honest I do not have too much experiences how phpMyAdmin and MySql work together. I am appreciate if someone can explain and make some screenshot. This is a links: http://forum.pfsense.org/index.php/topic,43675.msg235475.html#msg235475 that I read it.Thank you
-
Why do you use MxSQL ?
It can be done without MySQL.
How many users do you have on CP ?
If there are not mor ethan 500 users it will be probably ok with some "up to date" hardware and without mysql. -
Why do you use MxSQL ?
It can be done without MySQL.
How many users do you have on CP ?
If there are not mor ethan 500 users it will be probably ok with some "up to date" hardware and without mysql.Hello Nachtfalke
I just repeat your question."Why do you use MxSQL ?"
Ans: Because at school, there are more than 800 students."It can be done without MySQL"
Could you explain how could be done without MySql, if the school has more than 800 students ?
You mean that I have to type all 100-450 users name at FreeRadius users tab and then using them together with FreeRadius and Captive Portal.Also, How can you limit bandwidth per "Group" if your school has more than 800 students?
"If there are not mor ethan 500 users it will be probably ok with some "up to date" hardware and without mysql"
You mean that I have to buy a new hardware if I have around 500 users.I hope that I don't ask you too much.
Thank you
Donny -
@Donny
I am so sorry. I forget about the fact that you would like to use group limits. This is not working without any database. So sorry for that.Hardware:
No need to buy new hardware if you are running MySQL on an external server. Most load will be on the MySQL database for the authentication and accounting. This can be done with lots more than your 800 users.Sorry that I cannot help you with the MySQL part. Perhaps ask user Rampage in a personal messag how he created the sql tables.
-
@Donny
I am so sorry. I forget about the fact that you would like to use group limits. This is not working without any database. So sorry for that.Hardware:
No need to buy new hardware if you are running MySQL on an external server. Most load will be on the MySQL database for the authentication and accounting. This can be done with lots more than your 800 users.Sorry that I cannot help you with the MySQL part. Perhaps ask user Rampage in a personal messag how he created the sql tables.
Thank you, Nachtfalke
I will try to contact him/her soon. I still keep testing it by my self first before I am asking some one to help. To be honest I have tested almost one week now but bandwidth limits for group is not successed. To use MySql users on database with Captive portal and MySql to authentication, I do not have any problem. Now time to get rest.
Anyway, thank you again
Donny
-
Just to make sure - you have enabled accounting on mysql and captiveportal, right ?
-
Just to make sure - you have enabled accounting on mysql and captiveportal, right ?
Thank you Nachtfalke
I will try it again soon. Hë, tired.
-
it's not enaugh to set the limit on the radius server, you also need to enable the feature on the NAS (captive portal setup) leaving fields empty.
Then the captive portal will refer to the values specified in radcheck or radgroupcheck in your mysql database.
the operator is :=
sorry if i took that long to reply, but it's been a while since i last visited the forum :)
-
in sorry if im asking something silly ..
it is possible to set an 'airtime' for every voucher? using CP or maybe thru freeradius?
for example user will able using 30minutes for surfing and download within 2 days.scenario example, user using 5 minutes and then log out. login again for 10 minutes more.
user keep going login and logout for 2 days until his time limit reach 30 minutes as i set.
in this case user will have 2 days 'airtime' and 30 minutes quota of time (time limit)sorry for my bad english ..thanks in advance to everyone
-
You need a radius server of sorts for that.
-
im installed freeradius2. after looked around for a few hours inside freeradius2.
kill some of my times google around but i found nothing similar to what i needi managed to create username and password. set a limit and quota for each of them.
but what i need is user only able to access using generate voucher without a username.
for example:
voucher package 1 : 30 minutes quota within 1 day (24hours) time limit(airtime)
voucher package 2 : 1440 minutes quota within 3 days (72hours) time limit(airtime)im sorry if im asking to much, im very new with pfsense but im willing to learn more.
i still do not have any idea what to do and where to start ..pls link me to any tutorial
thanks -
-
i already read that and still i cant find the way to solve my problem..
anyway thanks for ur kind reply